PCI and Compliance Lead

Working at the Cumberland, you become part of something special. We’re a Mutual organisation, committed to improving the lives of our colleagues, customers, and community. Our values are incredibly important to us.

We’re on an exciting transformational journey with our people firmly at the forefront of our plans. If you want to work for a team integral in helping to drive cultural change, a team where you can bring your whole self to work bringing your energy and creativity to make a positive difference, then this is the job for you.

We have an exciting opportunity for a PCI and Compliance Lead to join our Information Security team for a fixed term of 18 months.

The Benefits

• Salary - up to £64,898 p.a. – depending on skills and experience.
• Holidays - 25 days holiday plus public holidays and the opportunity to buy and sell up to 3 days.
• Learning and Development opportunities - We want you to grow in your role. We’ll work together to support your personal and professional development.
• Hybrid Working - the tools and equipment you need to be able to work from home when you need to, depending on your role.
• Health and Wellbeing - a calendar of events and activities throughout the year, Mental Health & Wellbeing champions, and Cycle to Work scheme.
• Community Day - We offer our people an extra paid day off every year to help local charities and community organisations.

The Role

Reporting to our Information Security Assurance Manager, you’ll be responsible for oversight, management and continuous compliance of the Payment Card Industry Data Security Standard (PCI DSS) requirements across the Society within the Information Security Assurance Team.

You’ll assist in the oversight and control of all aspects of the Information Security Management System, ensuring controls and assurance audits are in place to prevent/minimise threats such as security breaches, computer viruses or attacks by cyber criminals as well as carrying out audits in line with the assurance calendar.

You’ll build key relationships with all teams / colleagues across the Society and work closely with 1st line risk colleagues, Payments and Technology.

You’ll manage the relationship with Qualified Security Assessors (QSAs); coordinating annual assessment and remediation activities, Regulatory Bodies; providing evidence and reporting for PCI compliance, and Third-Party Service Providers; completing assurance reviews and compliance verifications for suppliers handling PCI data.

About You

We’re looking for someone with significant experience in an Information Security role within a Financial Services led environment. You’ll have a strong technical understanding and background, inclusive of on premise and cloud environments

We’d like you to have a formal qualification in an Information Security discipline e.g., CISM. Where significant experience can be demonstrated, this will be considered

You’ll have in-depth knowledge in information security, having very good experience of compliance such as ISO27001, NIST, PCI DSS, REP018, CBEST & CQUEST requirements, ideally holding the PCI Internal Security Assessor qualification.

Skills, abilities and behaviours:

• Excellent interpersonal, written and verbal communication skills and the ability to work well with people at every level
• Ability to work with autonomy, be organised and able to work under pressure
• Strong relationship management and influencing skills
• Attention to detail to ensure accurate assessment and management of risk
• Strong analytical skillset
• Possess good level of understanding on general IT security concepts and principles
• Ability to effectively prioritise situations requiring urgent attention
• Ability to work as a team and on own initiative to think ‘outside of the box’ and go the extra mile
• Pro-activity and self-motivated with the proven ability to drive results and provide excellent customer services to all levels of the organisation
• High level of motivation to see success delivered through own personal efforts and those around them
• Ability to demonstrate and enhance the core values of the Society
• Willingness to work outside of normal working hours when required.